DETAILED ACTION

Response to Amendment 
This office action is in response to the amendment filed on 4/14/05. Original application
contained Claims 1-13. Applicant added Claim 14, and amended Claims 1 and 10. The
amendment filed on 4/14/05 has been entered and made of record. Therefore, presently pending
claims are 1-16.

Response to Arguments 

Applicant's arguments filed 12/08/04 have been fully considered but they are not
persuasive for the following reasons.

Applicant argued that neither of the references addresses the problem of preventing a
password from being improperly obtained. This is not found persuasive. Guski et al. discloses a
system for authenticating a user using password PW and preventing a password from being improperly
obtained by using key k (column 9 lines 22-30).

The applicant also argued that neither of these references discloses or suggests the unique
use of the generator module of the present invention, that is, the use of the generator module as
part of the computer's operating system. This is not found persuasive. As shown in fig. 3, the
password generator 312 is a part of the node 104, and therefore, the password generator is a
module/layer or part of the operating system of node 104.

In reference to generator module, the applicant argues that the generator module of the 
present invention is in series between a user and a program to the program. This is not found 
persuasive because the applicant does not claim the generator module being in series between a
user and a program.

In further reference to the generator module, the applicant argues that it is used to encrypt 
the user program and to pass the encrypted password to the program. The applicant argues 
further "the independent claims 1 and 10 describe the above-discussed feature of the invention."
The above-discussed feature includes the generator module used to encrypt the user program and 
to pass the encrypted password to the program. This is not persuasive because the above- 
discussed feature is not claimed in either claim 1 or claim 10. 

The applicant's remarks indicate that there exists a claim 17, where claim 16 is an
independent claim. However, the listed claims are 1-16 where claim 15 is the independent claim
and claim 16 is dependent on claim 15.

The examiner asserts that Guski and Abadi do teach or suggest the subject matter broadly
recited in independent Claims 1-14. Dependent Claims 2-9 and 1-14 are also rejected at least by
virtue of their dependency on independent claims and for other reasons set forth in this office
action. Accordingly, rejections for claims 1-14 are respectfully maintained.

Claim Rejections - 35 USC §103 

Claims 1, 6, and 8-10 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Guski et al (5,592,553) in view of Abadi et al (6,141,760).

In reference to claims 1 and 8-10, Guski discloses a system and method for generating a 
one-time password that changes pseudorandomly with each request for authentication. The 
method includes the password generator, 104 (the generator module of the operating system) 
receiving a program-specific identifier (H(E)) from said program (E) and receiving a password
PW (310). The program specific identifier disclosed by Guski is the host application identifier 
(column 7 lines 28-32). Guski further discloses sending said program-password-specific 
identifier (F(H(E),p)) to said program (E), said program-password-specific identifier (F(H(E),p)) 
being processable by said program (E). The password (214) generated at the Security server 
(208) is sent to the client (202) where it is processed by creating the signon request (216) using 
specific ID. 

Guski does not expressly disclose receiving said password (p); generating from at least 
said program-specific identifier (H(E)) and said received password (p) a program-password- 
specific identifier (F(H(E),p)). 

However, Abadi discloses creating passwords for password controlled access points
(abstract). The method includes the user sending a master password (column 2 lines 64-65). The
system disclosed by Abadi generates the passwords using a hard to invert function F to combine
the user name, service name, and master password (column 3 lines 26-33).

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to send a password from the client to the server of Guski to create the password as 
disclosed by Abadi. One of ordinary skill in the art would have been motivated to do this 
because users have to remember a large number of different passwords and creating passwords 
using a computerized method would reduce the number of passwords a user must remember and 
create more random, and therefore secure, passwords. 

In reference to claim 6, Guski does not disclose a system wherein the program-
password-specific identifier (F(H(E),p,s)) is generated from the program-specific identifier
(H(E)), the received password (p), and an additional value (s), said additional value (s)
characterizing a device (2) where the program-password-specific identifier (F(H(E),p,s)) is
generated.

However, Abadi discloses a system wherein the program-password-specific identifier
(F(H(E),p,s)) is generated from the program-specific identifier (H(E)), the received password (p),
and an additional value (s), said additional value (s) characterizing a device (2) where the
program-password-specific identifier (F(H(E),p,s)) is generated (Fig. 2). The additional value
is the user name. The user name characterizes the device because the device is used or owned
by the user.

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to send a password from the client to the server of Guski to create the password as 
disclosed by Abadi. One of ordinary skill in the art would have been motivated to do this 
because users have to remember a large number of different passwords and creating passwords 
using a computerized method would reduce the number of passwords a user must remember and 
create more random, and therefore secure, passwords. 

Claims 2, 7, 11, and 14 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Guski and Abadi as applied to claim 1 above, and further in view of Schneier.

In reference to claims 2, 11, and 14, Guski and Abadi do not disclose the program
specific identifier derived by applying a first cryptographic function, preferably a one-way hash
function. Although Abadi discloses the second cryptographic function being a hard to invert
function, where a one-way hash function is a hard to invert function, neither Guski nor Abadi
expressly disclose the second function being a one-way hash function, such as MD5 or SHA-1.

Schneier discloses MD5 and SHA as hash functions that are used to create a hash
value such that it is hard to find another pre-image message that produces the same hash value
(page 429 paragraph 2); and therefore performs the function of H(E) of creating an identifier.
Schneier further discloses the one-way hash function used for security because the hash value is
easy to compute, but difficult to reverse (page 429 paragraph 2).

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the hash functions as disclosed by Schneier to create the identifier and a 
secure password in the system of Guski. One of ordinary skill in the art would have been 
motivated to do this because hash functions prevent the substitution of a different pre-image
message for the original pre-image message by providing a "fingerprint" of the pre-image. 

In reference to claim 7, Guski and Abadi do not disclose a system wherein the program-
password-specific identifier (F(H(E),p)) is used as a key to decrypt another program.

Schneier discloses the use of a pass phrase (password) that is transformed into a random
key by a one-way hash function (page 174 paragraph 2).

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the hash functions as disclosed by Schneier to create the identifier and a 
secure password in the system of Guski. One of ordinary skill in the art would have been 
motivated to do this because hash functions prevent the substitution of a different pre-image
message for the original pre-image message by providing a "fingerprint" of the pre-image.

Claims 3-5, and 12-13 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Guski and Abadi as applied to claim 1 above, and further in view of Cheng et al. 

In reference to claim 3, Guski and Abadi do not disclose a system wherein a password-
reading program (26) and the program-specific identifier (H(E)) are provided by means of a
trusted computing base (TCB), preferably for both the same trusted computing base (TCB).

Cheng discloses a computer software architecture for distributed systems based on 
Trusted Computing Base program (Introduction page 216 paragraph 2). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the trusted computing base as in Cheng in the system of Guski. One of 
ordinary skill in the art would have been motivated to do this because TCB provides confidence
that it correctly enforces a system security policy and satisfies some critical assurance criteria.

In reference to claim 4, Guski and Abadi do not disclose a system wherein the password 
(p) is received at the password-reading program (26), and, while said password-reading program 
(26) is executed, all I/O devices are locked and other programs are blocked. 

Cheng discloses key distribution in a system based on TCB. One of the conditions 
required is that A and B believe that the key shared between them is secret shared exclusively 
(Section 4). Locking the I/O and blocking programs when the password is received ensures that 
only the trusted application A and trusted application B have the password. 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to use the trusted computing base as in Cheng in the system of Guski. One of 
ordinary skill in the art would have been motivated to do this because TCB provides confidence
that it correctly enforces a system security policy and satisfies some critical assurance criteria.

In reference to claims 5 and 12-13, Guski and Abadi do not disclose a system wherein 
the fact that the password-reading program (26) is executed based on the trusted computing base 
(TCB) is indicated via a signal, preferably by illuminating an LED (28), while the password- 
reading program (26) receives the password (p). 

At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to indicate while the password-reading program receives the password in the 
system of Guski. One of ordinary skill in the art would have been motivated to do this because 
indicating will inform the user that a security process is in progress. 

Allowable Subject Matter 

Claims 15-16 are allowed.

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO
MONTHS of the mailing date of this final action and the advisory action is not mailed until after
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paula W Klimach whose telephone number is (571) 272-3854. 
The examiner can normally be reached on Mon to Thr 9:30 a.m. to 5:30 p.m.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Kim Vu, can be reached on (571) 272-3859. The fax phone number for the
organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 